/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: ImportBulkFederationData.java,v 1.6 2009/10/29 00:03:50 exu Exp $
 *
 */

package com.sun.identity.federation.cli;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.cli.AuthenticatedCommand;
import com.sun.identity.cli.CLIException;
import com.sun.identity.cli.ExitCodes;
import com.sun.identity.cli.IOutput;
import com.sun.identity.cli.LogWriter;
import com.sun.identity.cli.RequestContext;
import com.sun.identity.federation.accountmgmt.FSAccountFedInfo;
import com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey;
import com.sun.identity.federation.accountmgmt.FSAccountMgmtException;
import com.sun.identity.federation.accountmgmt.FSAccountUtils;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.federation.meta.IDFFMetaException;
import com.sun.identity.federation.meta.IDFFMetaManager;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.idm.IdUtils;
import com.sun.identity.saml.assertion.NameIdentifier;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml2.assertion.AssertionFactory;
import com.sun.identity.saml2.assertion.NameID;
import com.sun.identity.saml2.common.NameIDInfo;
import com.sun.identity.saml2.common.NameIDInfoKey;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.meta.SAML2MetaException;
import com.sun.identity.saml2.meta.SAML2MetaManager;
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;
import java.text.MessageFormat;
import java.util.logging.Level;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;

/**
 * Import Bulk Federation Data.
 * The input file is generated by <code>BulkFederation</code> class.
 */
public class ImportBulkFederationData extends AuthenticatedCommand {
    static final String ARGUMENT_METADATA = "metaalias";
    static final String ARGUMENT_BULK_DATA = "bulk-data-file";
    
    private String metaAlias;
    private String bulkFedData;
    private String spec;
    boolean isIDP;
    private String localEntityId;
    private String remoteEntityId;
   
    /**
     * Imports bulk federation data.
     *
     * @param rc Request Context.
     * @throws CLIException if unable to process this request.
     */
    @Override
    public void handleRequest(RequestContext rc) 
        throws CLIException {
        super.handleRequest(rc);
        ldapLogin();
        
        metaAlias = getStringOptionValue(ARGUMENT_METADATA);
        bulkFedData = getStringOptionValue(ARGUMENT_BULK_DATA);
        spec = FederationManager.getIDFFSubCommandSpecification(rc);

        String[] params = {metaAlias, bulkFedData, spec};
        writeLog(LogWriter.LOG_ACCESS, Level.INFO,
            "ATTEMPT_IMPORT_BULK_FED_DATA", params);
        
        try { 
            if (spec.equals(FederationManager.DEFAULT_SPECIFICATION)) {
                saml2GetRoleAndEntityId();
                Map nameIds = new HashMap();
                validateFile(nameIds);
                handleSAML2Request(nameIds);
                writeLog(LogWriter.LOG_ACCESS, Level.INFO,
                    "SUCCEEDED_IMPORT_BULK_FED_DATA", params);
            } else if (spec.equals(FedCLIConstants.IDFF_SPECIFICATION)) {
                idffGetRoleAndEntityId();
                Map nameIds = new HashMap();
                validateFile(nameIds);
                handleIDFFRequest(nameIds);
                writeLog(LogWriter.LOG_ACCESS, Level.INFO,
                    "SUCCEEDED_IMPORT_BULK_FED_DATA", params);
            } else {
                throw new CLIException(
                    getResourceString("unsupported-specification"),
                    ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
            }
        } catch (CLIException e) {
            String[] args = {metaAlias, bulkFedData, spec, e.getMessage()};
            writeLog(LogWriter.LOG_ERROR, Level.INFO,
                "FAILED_IMPORT_BULK_FED_DATA", args);
            throw e;
        }
    }
    
    private void idffGetRoleAndEntityId()
        throws CLIException {
        try {
            IDFFMetaManager idffMgr = new IDFFMetaManager(ssoToken);
            String role = idffMgr.getProviderRoleByMetaAlias(metaAlias);
            if (role == null) {
                Object[] param = {metaAlias};
                throw new CLIException(MessageFormat.format(
                    getResourceString(
                    "import-bulk-federation-data-unknown-metaalias"),
                    param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
            }
            isIDP = role.equals(IFSConstants.IDP);
            localEntityId = idffMgr.getEntityIDByMetaAlias(metaAlias);
        } catch (IDFFMetaException e) {
            debugError("ImportBulkFederationData.idffGetRoleAndEntityId", e);
            Object[] param = {metaAlias};
            throw new CLIException(MessageFormat.format(
                getResourceString(
                "import-bulk-federation-data-unknown-metaalias"),
                param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
    }
    
    private void saml2GetRoleAndEntityId()
        throws CLIException {
        try {
            SAML2MetaManager saml2Mgr = new SAML2MetaManager(ssoToken);
            String role = saml2Mgr.getRoleByMetaAlias(metaAlias);
            if (role.equals(SAML2Constants.UNKNOWN_ROLE)) {
                Object[] param = {metaAlias};
                throw new CLIException(MessageFormat.format(
                    getResourceString(
                    "import-bulk-federation-data-unknown-metaalias"),
                    param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
            }
            isIDP = role.equals(SAML2Constants.IDP_ROLE);
            localEntityId = saml2Mgr.getEntityByMetaAlias(metaAlias);
        } catch (SAML2MetaException e) {
            debugError("ImportBulkFederationData.idffGetRoleAndEntityId", e);
            Object[] param = {metaAlias};
            throw new CLIException(MessageFormat.format(
                getResourceString(
                "import-bulk-federation-data-unknown-metaalias"),
                param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
    }

    private void handleSAML2Request(Map nameIds)
        throws CLIException {
        for (Iterator i = nameIds.entrySet().iterator(); i.hasNext(); ) {
            Map.Entry e = (Map.Entry)i.next();
            String userId = (String)e.getKey();
            String nameId = (String)e.getValue();
            saml2FederateUser(userId, nameId);
        }
        IOutput outputWriter = getOutputWriter();
        outputWriter.printlnMessage(getResourceString(
            "import-bulk-federation-data-succeeded"));
    }
    
    private void handleIDFFRequest(Map nameIds)
        throws CLIException {
        for (Iterator i = nameIds.entrySet().iterator(); i.hasNext(); ) {
            Map.Entry e = (Map.Entry)i.next();
            String userId = (String)e.getKey();
            String nameId = (String)e.getValue();
            idffFederateUser(userId, nameId);
        }
        IOutput outputWriter = getOutputWriter();
        outputWriter.printlnMessage(getResourceString(
            "import-bulk-federation-data-succeeded"));
    }

    private void validateFile(Map map)
        throws CLIException {
        BufferedReader io = null;
        String localId = null;
        
        try {
            io = new BufferedReader(new FileReader(bulkFedData));
            localId = getLocalEntityId(io.readLine());
            matchEntityId(io.readLine(), localEntityId);
            matchRole(io.readLine(), isIDP);
            validateSpec(io.readLine());
            String line = io.readLine();
            
            //expecting uId|nameId format
            while (line != null) {
                line = line.trim();
                int len = line.length();
                if (len > 0) {
                    int idx = line.indexOf('|');
                    if ((idx == -1) || (idx == 0) || (idx == (len -1))) {
                        Object[] param = {line};
                        throw new CLIException(MessageFormat.format(
                            getResourceString(
                           "import-bulk-federation-data-incorrect-data-format"),
                            param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
                    }
                    map.put(line.substring(0, idx), line.substring(idx+1));
                }
                line = io.readLine();
            }
            
            remoteEntityId = localId;
        } catch (IOException e) {
            throw new CLIException(e.getMessage(),
                ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        } finally {
            if (io != null) {
                try {
                    io.close();
                } catch (IOException ex) {
                    //ignored
                }      
            }
        }
    }

    private String getLocalEntityId(String line) 
        throws CLIException {
        if ((line == null) || !line.startsWith(BulkFederation.HEADER_LOCAL)
        ) {
            throw new CLIException(getResourceString(
                "import-bulk-federation-data-incorrect-file-format"),
                ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
        return line.substring(BulkFederation.HEADER_LOCAL.length());
    }
    
    /*
     * The remote entity id from the input file should match the
     * entity id of this metaalias.
     */
    private void matchEntityId(String line, String entityId)
        throws CLIException {
        if ((line == null) || !line.startsWith(BulkFederation.HEADER_REMOTE)
        ) {
            throw new CLIException(getResourceString(
                "import-bulk-federation-data-incorrect-file-format"),
                ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
        String remoteId = line.substring(BulkFederation.HEADER_REMOTE.length());
        
        if (!entityId.equals(remoteId)) {
            Object[] param = {remoteId};
            throw new CLIException(MessageFormat.format(
                getResourceString(
                "import-bulk-federation-data-incorrect-entity-id"), param),
                ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
    }

    /*
     * The role from the input file should NOT match the role of this metaalias.
     * i.e. from the file contains IDP, then this metaalias should have SP role.
     */
    private void matchRole(String line, boolean isIDP)
        throws CLIException {
        if ((line == null) || !line.startsWith(BulkFederation.HEADER_ROLE)
        ) {
            throw new CLIException(getResourceString(
                "import-bulk-federation-data-incorrect-file-format"),
                ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
        String role = line.substring(BulkFederation.HEADER_ROLE.length());
        if (isIDP == role.equals("IDP")) {
            throw new CLIException(getResourceString(
                "import-bulk-federation-data-incorrect-role"),
                ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
    }
    
    /*
     * The specification from the input file should match the entered 
     * specification. either idff or saml2
     */
    private void validateSpec(String line) 
        throws CLIException {
        if ((line == null) || !line.startsWith(BulkFederation.HEADER_SPEC)
        ) {
            throw new CLIException(getResourceString(
                "import-bulk-federation-data-incorrect-file-format"),
                ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
        
        String s = line.substring(BulkFederation.HEADER_SPEC.length());
        if (!spec.equals(s)) {
            throw new CLIException(getResourceString(
                "import-bulk-federation-data-incorrect-spec"),
                ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
    }
    
    private void idffFederateUser(String userId, String nameId) 
        throws CLIException {
        try {
            AMIdentity amid = IdUtils.getIdentity(getAdminSSOToken(), userId);

            FSAccountFedInfoKey key = (!isIDP) ?
                new FSAccountFedInfoKey(localEntityId, nameId) :
                new FSAccountFedInfoKey(remoteEntityId, nameId);
            FSAccountFedInfo info = null;
            
            if (isIDP) {
                info = new FSAccountFedInfo(remoteEntityId,
                    new NameIdentifier(nameId, remoteEntityId, 
                    IFSConstants.NI_FEDERATED_FORMAT_URI),
                    IFSConstants.LOCAL_NAME_IDENTIFIER, false);
            } else {
                info = new FSAccountFedInfo(remoteEntityId,
                    new NameIdentifier(nameId, localEntityId, 
                    IFSConstants.NI_FEDERATED_FORMAT_URI),
                    IFSConstants.REMOTE_NAME_IDENTIFIER, false);
            }
            
            Map attributes = amid.getAttributes(
                BulkFederation.idffUserAttributesFed);

            Set setInfoKey = (Set)attributes.get(
                FSAccountUtils.USER_FED_INFO_KEY_ATTR);
            if ((setInfoKey == null) || setInfoKey.isEmpty()) {
                setInfoKey = new HashSet(2);
                attributes.put(FSAccountUtils.USER_FED_INFO_KEY_ATTR,
                    setInfoKey);
            }
            setInfoKey.add(FSAccountUtils.objectToKeyString(key));

            Set setInfo = (Set)attributes.get(
                FSAccountUtils.USER_FED_INFO_ATTR);
            if ((setInfo == null) || setInfo.isEmpty()) {
                setInfo = new HashSet(2);
                attributes.put(FSAccountUtils.USER_FED_INFO_ATTR, setInfo);
            }
            setInfo.add(FSAccountUtils.objectToInfoString(info));

            amid.setAttributes(attributes);
            amid.store();
        } catch (FSAccountMgmtException e) {
            debugError("ImportBulkFederationData.idffFederateUser", e);
            Object[] param = {userId};
            throw new CLIException(MessageFormat.format(
                getResourceString("import-bulk-federation-data-cannot-federate"),
                param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        } catch (SAMLException e) {
            debugError("ImportBulkFederationData.idffFederateUser", e);
            Object[] param = {userId};
            throw new CLIException(MessageFormat.format(
                getResourceString("bulk-federation-cannot-federate"),
                param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        } catch (IdRepoException e) {
            debugError("ImportBulkFederationData.idffFederateUser", e);
            IOutput outputWriter = getOutputWriter();
            outputWriter.printlnError(e.getMessage());
        } catch (SSOException e) {
            debugError("ImportBulkFederationData.idffFederateUser", e);
            IOutput outputWriter = getOutputWriter();
            outputWriter.printlnError(e.getMessage());
        }
    }

    private void saml2FederateUser(String userId, String nameIdValue)
        throws CLIException {
        try {
            AMIdentity amid = IdUtils.getIdentity(getAdminSSOToken(), userId);
            NameID nameId = AssertionFactory.getInstance().createNameID();
            nameId.setFormat(
                "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
            if (isIDP) {
                nameId.setNameQualifier(localEntityId);
                nameId.setSPNameQualifier(remoteEntityId);
            } else {
                nameId.setNameQualifier(remoteEntityId);
                nameId.setSPNameQualifier(localEntityId);
            }
            nameId.setValue(nameIdValue);
            String role = (isIDP) ? SAML2Constants.IDP_ROLE :
                SAML2Constants.SP_ROLE;

            NameIDInfoKey key = new NameIDInfoKey(nameIdValue,
                localEntityId, remoteEntityId);
            NameIDInfo info = new NameIDInfo(localEntityId, remoteEntityId,
                nameId, role, true);
            Map attributes = amid.getAttributes(
                BulkFederation.saml2UserAttributesFed);

            Set setInfoKey = (Set)attributes.get(
                FSAccountUtils.USER_FED_INFO_KEY_ATTR);
            if ((setInfoKey == null) || setInfoKey.isEmpty()) {
                setInfoKey = new HashSet(2);
                attributes.put(SAML2Constants.NAMEID_INFO_KEY, setInfoKey);
            }
            setInfoKey.add(key.toValueString());

            Set setInfo = (Set)attributes.get(
                FSAccountUtils.USER_FED_INFO_ATTR);
            if ((setInfo == null) || setInfo.isEmpty()) {
                setInfo = new HashSet(2);
                attributes.put(SAML2Constants.NAMEID_INFO, setInfo);
            }
            setInfo.add(info.toValueString());

            amid.setAttributes(attributes);
            amid.store();
        } catch (SAML2Exception e) {
            debugError("ImportBulkFederationData.idffFederateUser", e);
            Object[] param = {userId};
            throw new CLIException(MessageFormat.format(
                getResourceString("import-bulk-federation-data-cannot-federate"),
                param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        } catch (IdRepoException e) {
            debugError("ImportBulkFederationData.idffFederateUser", e);
            IOutput outputWriter = getOutputWriter();
            outputWriter.printlnError(e.getMessage());
        } catch (SSOException e) {
            debugError("ImportBulkFederationData.idffFederateUser", e);
            IOutput outputWriter = getOutputWriter();
            outputWriter.printlnError(e.getMessage());
        }
    }
}
